Compulsory Routers in your country

Max Mehl max.mehl at fsfe.org
Thu Jan 16 16:07:58 UTC 2014


# Heiki "Repentinus" Ojasild <repentinus at fsfe.org> [ 16. Jan 2014 @ 16:44 +0100]:
> On 16/01/14 15:30, Max Mehl wrote:
>> The leaks before the end of 2013 stated that NSA successfully redirected 
>> network traffic to shadow servers with cloned content if the hardware is 
>> backdoored/insecure. So if your router isn't secure, your traffic is
>> neither, no matter which tools you use - Man-in-the-middle says hello.
> 
> With proper certificate management practices, there is zero difference 
> whether your router compromised by the NSA or your ISP's servers 
> compromised by the NSA attempt to snoop on you. The endpoints need to do 
> the encryption, not some intermediary device.

On a technical and theoretical level, that's right. MITM isn't as easy as it
sounds if proper certificate management practices are used. However, I would
feel safer if I knew that I can check my router for security flaws and backdoors.
Having attacks against some CAs and the knowledge/ignorance of average IT
users in mind, using certificates/encryption does not seem to be the one and
only solution for this problem in my opinion.

> If you simply wish to stop making it easy for the NSA to snoop on your
> local traffic and your ISP is being a douche, just put your own router
> after the ISP's.

True, we also had this idea when thinking about the implications of Compulsory
Routers in Germany. The problem with this solution is that some things
possibly won't work even if using another router behind the ISP's one. For
example, some default routers do not allow port forwarding. One volunteer had
problems with IPv6 even after using another router, because the default one
did not support it completely. Some routers aren't even compatible with VPN,
Tor and/or VoIP...

From the security perspective, this may be suitable somehow, from the
compatibility, environmental, economical, and user-friendly perspective,
Compulsory Routers are the devil in your house.

Best,
Max

-- 
Max Mehl - Free Software Foundation Europe (FSFE)  -  fsfe.org
Schönhauser Allee 6/7, 10119, Berlin | Phone:  +49-30-27595290
About me: http://fsfe.org/about/mehl | Blog: blog.max-mehl.com
Support us:  http://fsfe.org/support | Homepage:  max-mehl.com